type rfs_access, domain;
type rfs_access_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(rfs_access)

#For tftp server
allow rfs_access self:capability { chown setgid setpcap setuid net_bind_service };

wakelock_use(rfs_access)
r_dir_file(rfs_access, vendor_firmware_file);

# For tftp server file access
allow rfs_access mnt_vendor_file:dir search;
allow rfs_access mnt_vendor_file:file r_file_perms;
allow rfs_access persist_file:dir search;
allow rfs_access persist_rfs_file:dir create_dir_perms;
allow rfs_access persist_rfs_file:file create_file_perms;
allow rfs_access mpss_rfs_data_file:dir create_dir_perms;
allow rfs_access mpss_rfs_data_file:file create_file_perms;
allow rfs_access rfs_tombstone_data_file:dir create_dir_perms;
allow rfs_access rfs_tombstone_data_file:file create_file_perms;

allow rfs_access self:socket create_socket_perms_no_ioctl;
userdebug_or_eng(`
allow rfs_access wifidump_vendor_data_file:dir rw_dir_perms;
allow rfs_access wifidump_vendor_data_file:file create_file_perms;
')

dontaudit rfs_access kernel:system module_request;